Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 22 Jun 2014 23:58:45 +0200
From: David Faure <faure@....org>
To: Richard Moore <rich@....org>
Cc: Nick Boyce <nick.boyce@...il.com>, oss-security@...ts.openwall.com
Subject: Re: KMail/KIO POP3 SSL MITM Flaw

On Sunday 22 June 2014 21:47:50 Richard Moore wrote:
> > I'm not sure whether to interpret the 'Versions' line in the advisory
> > as "bug was introduced at kdelibs 4.10.95"

Yes, this is what
"Versions:       kdelibs 4.10.95 to 4.13.2"
means.

The file usernotificationhandler.cpp was introduced in 4.10.95
(for the fix for bug 154100 and 265228)

Before that, SlaveInterface handled the messagebox request itself, with no 
need for a job pointer.

> There is an IBM ISS report [3] which implies the bug affects at least
> kdelibs 4.6.x ....

No idea where they got that from.... I cannot confirm this.

-- 
David Faure, faure@....org, http://www.davidfaure.fr
Working on KDE Frameworks 5

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ